Attacks on industrial control systems increase

More than 40% of all industrial control system (ICS) computers protected by Kaspersky Lab solutions were hit with malware once or more during the first half of 2018.

The company's researchers revealed statistics indicating this kind of threat is of growing concern. "In 2017, the figure increased from 36.61% in the first half of the year to 37.75% in the second half, and to 41.2% in the first half of 2018."

Attacks on industrial systems are a significant threat, as they cause material losses and production downtime for an entire system. "In addition, industrial enterprises knocked out of service can seriously undermine a region's social welfare, ecology and macro-economics," says Kaspersky.

According to the company, the largest most threats come via the Internet, which has become the main source of infection for ICS. "Twenty-seven percent of threats are received from the Web, 8.4% from removable storage media and 3.8% from mail clients."

Kirill Kruglov, security researcher at Kaspersky Lab, says the number of cyber attacks on ICS computers is a concern. "Our advice is to pay attention to systems' security from the very beginning of their integration, when the systems' elements are first connected to the Internet; neglecting security solutions at this stage could lead to dire consequences."

Attacks by region

Middle East countries were among the top 20, by percentage, of ICS computers attacked during H1 2018. The countries most impacted were Vietnam, with 75.1% of computers attacked; Algeria, with 71.6%; and Morocco, with 65%. On the other hand, the safest regions for industrial machines were Denmark, with 14%; and Ireland, with 14.4%.

Countries in Africa, Asia and Latin America fared worse in terms of the percentage of ICS computers attacked in the same period. Africa came in second, with just under 60%, and South East Asia came in first, with just over 60%.

Kaspersky attributes these differences in part to the amount of funds invested by organisations in infrastructure protection solutions.

"According to IDC, from a geographic perspective, the US and Western Europe were the largest markets for information security products in 2017. Within geographical regions, the figures can vary significantly between different countries. For example, the situation in South Africa is the most favourable compared to most African countries, and Israel and Kuwait are noticeably better off than other countries in the Middle East."

Protecting ICS

There are several steps that Kaspersky Lab ICS CERT recommends to secure ICS computers. "Regularly update operating systems, application software and security solutions on systems that are part of the enterprise's industrial network. In addition, restrict network traffic on ports and protocols used on edge routers and inside the organisation's OT networks."

The company also advises to audit access control for ICS components in the enterprise's industrial network and at its boundaries; deploy dedicated endpoint protection solutions on ICS servers, workstations and HMIs to secure OT and industrial infrastructure from random cyber attacks; and adopt network traffic monitoring, analysis and detection solutions for better protection against targeted attacks. Finally, provide dedicated training and support for employees as well as partners and suppliers with access to your network, Kaspersky says.